On Sat, 28 Feb 2009 20:23:45 -0600, Bruce Dubbs <bruce.du...@gmail.com> wrote: > Matthew Burgess wrote: >> Hi all, >> >> "Notes on Building Software" in BLFS recommends, quite rightly, >> that readers should do as little as possible as 'root', and only >> use superuser privs for operations that require them (e.g. >> 'make install'). >> >> And, as this is *LFS I have chosen to ignore that advice up >> until now and keep all the pieces when it breaks :) >> >> I've been bitten by another bug/issue in the Python test >> suite that only affects the root user (this is in the httpservers >> tests, so is different from the original failure I saw back with >> Python-2.5, raised in comment 10 of #2200). If I run the tests >> as non-root they pass fine. >> >> So, my question is, should LFS and BLFS enforce, or at >> least more clearly encourage folks to build/install as non-root? >> >> In order to be able to support build automation, I'm considering >> using 'sudo' along with a dedicated build-user, who is >> configured in sudo to not require the root password. >> >> Do you think that this approach is suitable for LFS/BLFS? > > The philosophy for Unix and all its look alikes is, in general, to allow > the > user to do whatever he wants. It's not our responsibility to 'enforce' > the > build as non-root recommendation. I'm not sure I see that advantage of a > dedicated build user, but that certainly is a possibility. It just means > that a > user must sudo or su to the build user to manipulate files in the build > directories. > > I'm not sure how we would 'more clearly encourage folks to build/install > as > non-root'. What did you have in mind?
Something along the lines of actually installing sudo in chapter 5 of LFS, and configuring it such that an 'lfs' user exists in chapter 6 with appropriate configuration to get to 'root' without a password (with appropriate warnings about the potential security implications of that, of course). In early chapter 6, we'd chroot into the LFS partition, but immediately su up to the lfs user. All privilege-requiring instructions would then be written in the same style as BLFS, i.e. "Now, as the root user...". Regards, Matt. -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
